diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml deleted file mode 100644 index 303ce398c..000000000 --- a/.github/workflows/aur.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: Create PR for AUR - -on: - release: - types: [published] - workflow_dispatch: - inputs: - tag: - description: 'Release tag' - required: true - -jobs: - get-version: - uses: ./.github/workflows/get-version.yml - with: - version: ${{ inputs.tag }} - tarball: - name: Determines tarball url and compute checksum - runs-on: ubuntu-latest - needs: [get-version] - if: github.event_name == 'workflow_dispatch' || needs.get-version.outputs.versionType == 'stable' - env: - INPUT_TAG: ${{ inputs.tag }} - outputs: - url: ${{ steps.url.outputs.url}} - sha256: ${{ steps.sha256.outputs.sha256}} - steps: - - name: Determine tarball url - id: url - run: | - URL=""; - if [[ -n "${INPUT_TAG}" ]]; then - URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${INPUT_TAG}.tar.gz" - else - URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz" - fi - echo "url=${URL}" >> "$GITHUB_OUTPUT" - - name: Download source tarball and compute checksum - id: sha256 - run: | - curl --silent --fail-with-body -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz - TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1) - echo "sha256=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT" - aur: - name: Create PR for AUR - runs-on: ubuntu-latest - needs: [tarball, get-version] - env: - AUR_PR_URL: tbd - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - repository: 'cryptomator/aur' - token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install makepkg pacman-package-manager - - name: Checkout release branch - run: | - git checkout -b release/${{ needs.get-version.outputs.semVerStr }} - - name: Update build file - run: | - sed -i -e 's|^pkgver=.*$|pkgver=${{ needs.get-version.outputs.semVerStr }}|' PKGBUILD - sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD - sed -i -e "s|^sha256sums=.*$|sha256sums=('${{ needs.tarball.outputs.sha256 }}'|" PKGBUILD - makepkg --printsrcinfo > .SRCINFO - - name: Commit and push - run: | - git config user.name "${{ github.actor }}" - git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" - git config push.autoSetupRemote true - git stage . - git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}" - git push - - name: Create pull request - run: | - printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update build instructions\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md - PR_URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md) - echo "AUR_PR_URL=$PR_URL" >> "$GITHUB_ENV" - env: - GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - - name: Slack Notification - if: github.event_name == 'release' - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created." - SLACK_MESSAGE: "See <${{ env.AUR_PR_URL }}|PR> on how to proceed." - SLACK_FOOTER: false - MSG_MINIMAL: true \ No newline at end of file diff --git a/.github/workflows/linux-makepkg.yml b/.github/workflows/linux-makepkg.yml new file mode 100644 index 000000000..a79459612 --- /dev/null +++ b/.github/workflows/linux-makepkg.yml @@ -0,0 +1,195 @@ +name: Build Arch package + +on: + release: + types: [published] + workflow_dispatch: + inputs: + version: + description: 'Version' + required: false + create-pr: + description: 'Create a PR for AUR mirror' + type: boolean + default: false + push: + branches-ignore: + - 'dependabot/**' + paths: + - '.github/workflows/linux-makepkg.yml' + - 'dist/linux/makepkg/**' + - 'dist/linux/common/**' + - 'dist/linux/resources/**' + +jobs: + get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ inputs.version }} + + makepkg: + name: Build with makepkg + needs: [get-version] + runs-on: ubuntu-latest + container: + image: archlinux:base-devel + env: + PKGDEST: ${{ github.workspace }}/pkgdest + SRCDEST: ${{ github.workspace }}/srcdest + steps: + - name: Prepare pacman + run: | + pacman-key --init + pacman-key --populate archlinux + pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + path: cryptomator + - name: Create build user + run: | + useradd -m builder + echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder + chown -R builder:builder "$GITHUB_WORKSPACE" + install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" + - name: Prepare PKGBUILD + # cannot use github.workspace due to https://github.com/actions/runner/issues/2058 + run: | + export SOURCES="${SOURCES_1}${GITHUB_WORKSPACE}${SOURCES_2}" + envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < cryptomator/dist/linux/makepkg/PKGBUILD.template > PKGBUILD + env: + PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} + PKG_RELEASE: 1 + SOURCES_1: '"${_src_app_dir}::git+file://' + SOURCES_2: '/cryptomator"' + SOURCES_SHA: "'SKIP'" + - name: Build package with makepkg + run: > + sudo -u builder + env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" + makepkg --syncdeps --cleanbuild --noconfirm --log + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: arch-package + if-no-files-found: error + path: | + ${{ env.PKGDEST }}/*.pkg.tar.zst + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: pkgbuild-file + if-no-files-found: error + path: | + cryptomator/dist/linux/makepkg/PKGBUILD.template + + create-pr: + name: Create PR for AUR + if: github.event_name == 'workflow_dispatch' && inputs.create-pr || github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' + runs-on: ubuntu-latest + needs: [get-version, makepkg] + container: + image: archlinux:base-devel + env: + PKGDEST: ${{ github.workspace }}/pkgdest + SRCDEST: ${{ github.workspace }}/srcdest + steps: + - name: Prepare pacman + run: | + pacman-key --init + pacman-key --populate archlinux + pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl + - name: Download source tarball and compute checksum + id: sha256 + run: | + URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${TAG}.tar.gz" + curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" ${URL} --output cryptomator.tar.gz + TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1) + echo "value=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT" + env: + TAG: ${{ needs.get-version.outputs.semVerNum || github.event.release.tag_name }} + - name: Checkout cryptomator/aur repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + repository: 'cryptomator/aur' + token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} + - name: Create build user + run: | + useradd -m builder + echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder + chown -R builder:builder "$GITHUB_WORKSPACE" + install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" + - name: Import Cryptomator release signing key + # try first ubuntu. on failure try openpgp keyservers + run: > + sudo -u builder gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 + || sudo -u builder gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 + - name: Checkout release branch + run: git checkout -b release/${VERSION} + env: + VERSION: ${{ needs.get-version.outputs.semVerStr }} + - name: Determine pkgrel + id: pkgrel + run: | + TARGET_VERSION='${{ needs.get-version.outputs.semVerStr }}' + CURRENT_VERSION="$(sed -nE 's/^pkgver=(.*)$/\1/p' PKGBUILD | head -n1)" + CURRENT_REL="$(sed -nE 's/^pkgrel=([0-9]+).*$/\1/p' PKGBUILD | head -n1)" + + if [[ "$CURRENT_VERSION" == "$TARGET_VERSION" && "$CURRENT_REL" =~ ^[0-9]+$ ]]; then + NEXT_REL=$((CURRENT_REL + 1)) + else + NEXT_REL=1 + fi + + echo "value=${NEXT_REL}" >> "$GITHUB_OUTPUT" + - name: Download PKGBUILD template + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: pkgbuild-file + - name: Prepare PKGBUILD + run: | + envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < PKGBUILD.template > PKGBUILD + sudo -u builder makepkg --printsrcinfo > .SRCINFO + env: + PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} + PKG_RELEASE: ${{ steps.pkgrel.outputs.value }} + SOURCES: |- + "cryptomator-${pkgver//_/-}.tar.gz::https://github.com/cryptomator/cryptomator/archive/refs/tags/${pkgver//_/-}.tar.gz" + "cryptomator-${pkgver//_/-}.tar.gz.asc::https://github.com/cryptomator/cryptomator/releases/download/${pkgver//_/-}/cryptomator-${pkgver//_/-}.tar.gz.asc" + SOURCES_SHA: |- + '${{steps.sha256.outputs.value}}' + 'SKIP' + - name: Build package with makepkg + run: > + sudo -u builder + env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" + makepkg --syncdeps --cleanbuild --noconfirm --log + - name: Commit and push + run: | + git config user.name "cryptobot" + git config user.email "cryptobot@users.noreply.github.com" + git config push.autoSetupRemote true + git stage PKGBUILD .SRCINFO + git commit -m "Prepare release ${VERSION}" + git push + env: + VERSION: ${{ needs.get-version.outputs.semVerStr }}-${{ steps.pkgrel.outputs.value }} + - name: Create pull request + id: create-pr + run: | + printf "Created by event $GITHUB_EVENT_NAME in workflow $GITHUB_WORKFLOW in run $GITHUB_RUN_ID" > pr_body.md + PR_URL=$(gh pr create --title "Release $VERSION" --body-file pr_body.md) + echo "url=$PR_URL" >> "$GITHUB_OUTPUT" + env: + VERSION: ${{ needs.get-version.outputs.semVerStr }}-${{ steps.pkgrel.outputs.value }} + GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} + - name: Slack Notification + if: github.event_name == 'release' + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }}." + SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.url }}|PR> on how to proceed." + SLACK_FOOTER: false + MSG_MINIMAL: true diff --git a/dist/linux/makepkg/PKGBUILD.template b/dist/linux/makepkg/PKGBUILD.template new file mode 100644 index 000000000..003ca8c47 --- /dev/null +++ b/dist/linux/makepkg/PKGBUILD.template @@ -0,0 +1,118 @@ +# Maintainer: Aaron Graves +# Contributor: Julian Raufelder +# Contributor: Morten Linderud +# Contributor: Sebastian Stenzel +# Contributor: Armin Schrenk + +pkgname=cryptomator +pkgver=$PKG_VERSION +pkgrel=$PKG_RELEASE +pkgdesc="Multiplatform transparent client-side encryption of your files in the cloud." +arch=('any') +url="https://cryptomator.org/" +license=('GPL3') +depends=('fuse3' 'alsa-lib' 'hicolor-icon-theme' 'libxtst' 'libnet' 'libxrender') +makedepends=('maven' 'unzip') +optdepends=('keepassxc-cryptomator: Use KeePassXC to store vault passwords' 'ttf-hanazono: Install this font when using Japanese system language') +_jdkver=25.0.2+10 +_jfxver=25.0.2 +_src_app_dir=cryptomator-${pkgver//_/-} +source=($SOURCES); +source_x86_64=("jdk-${_jdkver}.tar.gz::https://github.com/adoptium/temurin${_jdkver:0:2}-binaries/releases/download/jdk-${_jdkver//\+/%2B}/OpenJDK${_jdkver:0:2}U-jdk_x64_linux_hotspot_${_jdkver//\+/_}.tar.gz" + "openjfx-${_jfxver}.zip::https://download2.gluonhq.com/openjfx/${_jfxver}/openjfx-${_jfxver}_linux-x64_bin-jmods.zip") +source_aarch64=("jdk-${_jdkver}.tar.gz::https://github.com/adoptium/temurin${_jdkver:0:2}-binaries/releases/download/jdk-${_jdkver//\+/%2B}/OpenJDK${_jdkver:0:2}U-jdk_aarch64_linux_hotspot_${_jdkver//\+/_}.tar.gz" + "openjfx-${_jfxver}.zip::https://download2.gluonhq.com/openjfx/${_jfxver}/openjfx-${_jfxver}_linux-aarch64_bin-jmods.zip") +noextract=("jdk-${_jdkver}.tar.gz" "openjfx-${_jfxver}.zip") +sha256sums=($SOURCES_SHA) +sha256sums_x86_64=('987387933b64b9833846dee373b640440d3e1fd48a04804ec01a6dbf718e8ab8' + 'e0a9c29d8cf3af9b8b48848b43f87b5785bc107c53a951b19668ce05842bba1b') +sha256sums_aarch64=('a9d73e711d967dc44896d4f430f73a68fd33590dabc29a7f2fb9f593425b854c' + 'c3408f818693cce09e59829a8e862a82c7695fdfcd585c41cfd527f5fc3fe646') +options=('!strip') + +validpgpkeys=('58117AFA1F85B3EEC154677D615D449FE6E6A235') + +build() { + export JAVA_HOME="${srcdir}/jdk-${_jdkver}" + JMODS_PATH="${srcdir}/openjfx-${_jfxver}-jmods" + #JEP 493 + if ! $(${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"); then + JMODS_PATH="${JMODS_PATH}:${JAVA_HOME}/jmods:" + fi + + tar xfz "jdk-${_jdkver}.tar.gz" + + mkdir "openjfx-${_jfxver}-jmods" + unzip -j "openjfx-${_jfxver}.zip" \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d "openjfx-${_jfxver}-jmods" + + cd "${srcdir}/${_src_app_dir}" + + mvn -B clean package -DskipTests -Plinux + + cp LICENSE.txt target + cp target/cryptomator-*.jar target/mods + + cd target + + "$JAVA_HOME/bin/jlink" \ + --output runtime \ + --module-path "$JMODS_PATH" \ + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.ec,jdk.crypto.cryptoki,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \ + --strip-native-commands \ + --no-header-files \ + --no-man-pages \ + --strip-debug \ + --compress=zip-0 + + ##Note: jpackage does not allow -beta suffixes, have to strip those + "$JAVA_HOME/bin/jpackage" \ + --type app-image \ + --runtime-image runtime \ + --input libs \ + --module-path mods \ + --module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator \ + --dest . \ + --name cryptomator \ + --vendor "Skymatic GmbH" \ + --copyright "(C) 2016 - 2026 Skymatic GmbH" \ + --java-options "--enable-preview" \ + --java-options '--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator' \ + --java-options "-Xss5m" \ + --java-options "-Xmx256m" \ + --java-options "-Dfile.encoding=\"utf-8\"" \ + --java-options "-Djava.net.useSystemProxies=true" \ + --java-options "-Dcryptomator.adminConfigPath=\"/etc/cryptomator/config.properties\"" \ + --java-options "-Dcryptomator.appVersion=\"${pkgver//_/-}\"" \ + --java-options "-Dcryptomator.buildNumber=\"aur-${pkgrel}\"" \ + --java-options "-Dcryptomator.disableUpdateCheck=true" \ + --java-options "-Dcryptomator.integrationsLinux.autoStartCmd=\"cryptomator\"" \ + --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/.config/Cryptomator/ipc.socket\"" \ + --java-options "-Dcryptomator.logDir=\"@{userhome}/.local/share/Cryptomator/logs\"" \ + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/.local/share/Cryptomator/mnt\"" \ + --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\"" \ + --java-options "-Dcryptomator.pluginDir=\"@{userhome}/.local/share/Cryptomator/plugins\"" \ + --java-options "-Dcryptomator.p12Path=\"@{userhome}/.config/Cryptomator/key.p12\"" \ + --java-options "-Dcryptomator.settingsPath=\"@{userhome}/.config/Cryptomator/settings.json:~/.Cryptomator/settings.json\"" \ + --java-options "-Dcryptomator.showTrayIcon=true" \ + --app-version "${pkgver//_*/}" \ + --verbose +} + +package() { + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/application-vnd.cryptomator.vault.xml" "${pkgdir}/usr/share/mime/packages/cryptomator-vault.xml" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.desktop" "${pkgdir}/usr/share/applications/org.cryptomator.Cryptomator.desktop" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator256.png" "${pkgdir}/usr/share/icons/hicolor/256x256/apps/org.cryptomator.Cryptomator.png" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator512.png" "${pkgdir}/usr/share/icons/hicolor/512x512/apps/org.cryptomator.Cryptomator.png" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.svg" "${pkgdir}/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.tray.svg" "${pkgdir}/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray.svg" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg" "${pkgdir}/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray-unlocked.svg" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.tray.svg" "${pkgdir}/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-symbolic.svg" + install -Dm644 "${srcdir}/${_src_app_dir}/dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg" "${pkgdir}/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-unlocked-symbolic.svg" + + mkdir -p "${pkgdir}/opt/cryptomator/" + cp -R "${srcdir}/${_src_app_dir}/target/cryptomator" "${pkgdir}/opt/" + install -Dm644 "${srcdir}/${_src_app_dir}/target/LICENSE.txt" -t "${pkgdir}/usr/share/licenses/${pkgname}" + + mkdir -p "${pkgdir}/usr/bin" + ln -s "/opt/cryptomator/bin/cryptomator" "${pkgdir}/usr/bin/cryptomator" +}